﻿using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
namespace John
{
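    /// <summary>
    /// Product enquiry page: shows one product (selected by the "id" query-string
    /// value) and lets a logged-in user submit an enquiry message for it.
    /// </summary>
    public partial class makeorder : System.Web.UI.Page
    {
        /// <summary>Minimum time between two submissions from the same session (防止恶意刷信息).</summary>
        private static readonly TimeSpan SubmitInterval = TimeSpan.FromSeconds(30);

        /// <summary>Picture file name of the displayed product; read by the page markup.</summary>
        public string imgname;

        /// <summary>Loads the product details on the first (non-postback) request only.</summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                read();
            }
        }

        /// <summary>
        /// Reads the product identified by the "id" query-string value into the page labels.
        /// The query-string value is untrusted, so it is only placed in the SQL text after it
        /// has been parsed as an integer; when it is missing or not an integer nothing is loaded.
        /// </summary>
        private void read()
        {
            int pid;
            if (!int.TryParse(Request.QueryString["id"], out pid))
            {
                return;
            }

            // pid is a validated int, so the SQL text cannot carry injected syntax.
            string sql = "select * from Products where pid="
                + pid.ToString(System.Globalization.CultureInfo.InvariantCulture);
            DBConn mydb = new DBConn();
            try
            {
                using (SqlDataReader dr = mydb.getDataReader(sql))
                {
                    if (dr != null && dr.Read())
                    {
                        lblPName.Text = dr["pname"].ToString();
                        Label1.Text = dr["pggxh"].ToString();
                        Label2.Text = dr["PStock"].ToString();
                        Label3.Text = dr["PBewrite"].ToString();
                        lblPNPrice.Text = dr["PNPrice"].ToString();
                        imgname = dr["PPicture"].ToString();
                        txtTitle.Text = "[询价]" + dr["pname"].ToString();
                        Label4.Text = dr["uname"].ToString();
                    }
                }
            }
            finally
            {
                // Release the DBConn even when the reader throws.
                mydb.Close();
            }
        }

        /// <summary>
        /// Validates the enquiry form and stores it in the [message] table.
        /// Requires a logged-in session (Session["name"]), the mandatory fields,
        /// a content length of at most 300 characters and at least
        /// <see cref="SubmitInterval"/> since this session's previous submission.
        /// </summary>
        protected void btnOK_Click(object sender, EventArgs e)
        {
            // Only a logged-in user may submit; Session["name"] is presumably set by the
            // login page — confirm against login.aspx.
            object session = Session["name"];
            if (session == null || string.IsNullOrEmpty(session.ToString()))
            {
                Alert("请先登录！");
                return;
            }

            try
            {
                string strUName = txtUserName.Text.Trim();
                string strUPhone = txtUserPhone.Text.Trim();
                string strUEmail = txtEmail.Text.Trim();
                string strMTitle = txtTitle.Text.Trim();
                string strMContent = txtContent.Text.Trim();

                if (strUEmail == String.Empty || strMTitle == String.Empty || strMContent == String.Empty)
                {
                    Alert("请把必填项添上!!!");
                    return;
                }
                if (strMContent.Length > 300)
                {
                    Alert("内容太长了..(300字以内)!!!");
                    return;
                }

                // Rate limit: reject a submission that follows the previous one too quickly.
                // DateTime.Now is kept (not UtcNow) because the same session key may be
                // written by other pages of the site — confirm before changing the clock.
                object lastSubmit = Session["messageCheck"];
                if (lastSubmit is DateTime)
                {
                    TimeSpan elapsed = DateTime.Now - (DateTime)lastSubmit;
                    if (elapsed < SubmitInterval)
                    {
                        // Remaining wait derived from the same window the check uses, so the
                        // message and the check can no longer disagree.
                        int wait = (int)Math.Ceiling((SubmitInterval - elapsed).TotalSeconds);
                        Alert("不能频繁提交,请在"
                            + wait.ToString(System.Globalization.CultureInfo.InvariantCulture)
                            + "秒后继续!!!");
                        return;
                    }
                }

                // Strip HTML from the user-supplied fields before storing them.
                strUName = CleanString.htmlInputText(strUName);
                strUPhone = CleanString.htmlInputText(strUPhone);
                strUEmail = CleanString.htmlInputText(strUEmail);
                strMTitle = CleanString.htmlInputText(strMTitle);
                strMContent = CleanString.htmlInputText(strMContent);

                // NOTE(review): DBConn.Insert only takes SQL text, so the values are embedded
                // as quoted literals with every single quote doubled (the T-SQL escape).
                // Switch to SqlParameter as soon as DBConn offers a parameterised overload.
                string mySql = "insert into [message](UName,UPhone,UEmail,MTitle,MContent,hyname) values("
                    + SqlLiteral(strUName) + "," + SqlLiteral(strUPhone) + "," + SqlLiteral(strUEmail) + ","
                    + SqlLiteral(strMTitle) + "," + SqlLiteral(strMContent) + "," + SqlLiteral(Label4.Text.Trim())
                    + ")";
                DBConn myDB = new DBConn();
                try
                {
                    myDB.Insert(mySql);
                }
                finally
                {
                    myDB.Close();
                }

                Session["messageCheck"] = DateTime.Now; // record submission time for the rate limit

                Alert("成功提交！");
                txtUserName.Text = "";
                txtUserPhone.Text = "";
                txtEmail.Text = "";
                txtTitle.Text = "";
                txtContent.Text = "";
            }
            catch (Exception ex)
            {
                // Keep the page alive as before, but record the failure in the page trace
                // instead of discarding it silently.
                Trace.Warn("makeorder", "btnOK_Click failed", ex);
            }
        }

        /// <summary>
        /// Writes a client-side alert with the given text. <paramref name="message"/> must be
        /// a constant from this class — it is placed inside a script block unescaped.
        /// </summary>
        private void Alert(string message)
        {
            Response.Write("<script>");
            Response.Write("alert('" + message + "');");
            Response.Write("</script>");
        }

        /// <summary>
        /// Returns <paramref name="value"/> as a single-quoted T-SQL string literal with
        /// embedded single quotes doubled, so the value cannot terminate the literal.
        /// </summary>
        private static string SqlLiteral(string value)
        {
            return "'" + (value ?? string.Empty).Replace("'", "''") + "'";
        }
    }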
}